a basic service template for operating cloud-native services

O1ahmad/basic-service

Basic-Service

Configure and operate a basic cloud-native service, running anything from crypto blockchain clients to the immense app store of open-source (Apache, CNCF and beyond) services.

Requirements

Systemd, an installation of the Docker engine, or a Kubernetes cluster.

Role Variables

Common

| var | description | default |
| --- | --- | --- |
| setup_mode | infrastructure provisioning setup mode (container, k8s, systemd) | undefined |
| name | name of service to deploy | required |
| command | command and arguments to execute on startup | required |
| user | service user to set up | <operatoring-user> |
| group | service group to set up | <operatoring-user> |
| config | configuration files associated with the service to mount | {} |
| config_env | environment variables to set within the service runtime | {} |
| ports | listening port information for a service | {} |
| data_dirs | directory mappings to store service runtime/operational data | {} |
| host_data_dir | host directory for general deployment operations | |
| cpus | CPU resources each deployed service can use (either percentage for systemd or cores for containers) | 100 |
| memory | available memory resources each deployed service can use | 1G |
| restart_policy | service restart policy | unless-stopped |
| uninstall | whether to remove installed service and artifacts | false |

Container

| var | description | default |
| --- | --- | --- |
| image | service container image to deploy | |
| network_mode | container network to attach | bridge |

Systemd

| var | description | default |
| --- | --- | --- |
| binary_url | URL of the binary file to download | |
| binary_file_name_override | override the binary file name after moving it to the destination directory | |
| binary_strip_components | strip NUMBER leading components/directories from file names on extraction | 0 |
| destination_directory | directory where the binary file will be placed after downloading/extracting | /usr/local/bin |
| systemd | custom service type & unit, service and install properties | {} |

Kubernetes (k8s)

To authorize access to the target Kubernetes cluster, set the following environment variables:

export KUBECONFIG=<path-to-the-kubeconfig-file>
export KUBE_CONTEXT=<context-within-the-kubeconfig-to-use>

| var | description | default |
| --- | --- | --- |
| helm_chart_path | path to Helm chart to use for the service deployment/release | ../../helm |
| helm_namespace | Kubernetes namespace to deploy to | default |
| helm_values_path | file to load Helm chart values | values.yml |

Containerized Apps

Dependencies

roles:
- name: ansible-role-systemd
  url: git+https://github.com/O1ahmad/ansible-role-systemd.git

# ansible-galaxy install git+https://github.com/O1ahmad/ansible-role-systemd.git

collections:
- name: community.docker

Example Playbook

  • Launch a WireGuard client that establishes a secure peer tunnel connection:
- name: Configure WireGuard VPN
  hosts: VPNServers
  remote_user: devops
  become: true
  roles:
    - role: basic-service
      vars:
        setup_mode: systemd
        name: wireguard
        user: wireguard
        binary_url: https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-1.0.20210424.tar.xz
        binary_file_name_override: wireguard
        command: >
          /usr/local/bin/wg-quick up wg0
        cpus: 50
        memory: 1G
        config:
          wg0.conf:
            destinationPath: /etc/wireguard/wg0.conf
            data: |
              [Interface]
              PrivateKey = <Your-Private-Key>
              Address = 10.0.0.1/24
              ListenPort = 51820

              [Peer]
              PublicKey = <Peer-Public-Key>
              Endpoint = <Peer-Public-IP>:51820
              AllowedIPs = 10.0.0.2/32
        ports:
          wireguard:
            ingressPort: 51820
            servicePort: 51820
        systemd:
          service_properties:
            ExecStop: /usr/local/bin/wg-quick down wg0
            Restart: on-failure
  • Provision an Ethereum execution and consensus client connected to the Sepolia testnet and monitor them with the XATU service:
- name: Configure Ethereum execution layer clients
  hosts: EthereumSepolia
  become: true
  roles:
    - role: basic-service
      vars:
        setup_mode: systemd
        name: reth
        user: ubuntu
        binary_url: https://github.com/paradigmxyz/reth/releases/download/v1.1.4/reth-v1.1.4-x86_64-unknown-linux-gnu.tar.gz
        binary_file_name_override: reth
        command: >
          /usr/local/bin/reth node --full --chain=sepolia --http --http.addr 0.0.0.0 --http.api "admin,debug,eth,net,txpool,web3,rpc,reth,ots,flashbots,miner" --metrics 0.0.0.0:8085
        cpus: 50
        memory: 5G
        config:
          reth.toml:
            destinationPath: /home/ubuntu/reth.toml
            data: |
              # add configuration values

- name: Configure Ethereum consensus layer clients
  hosts: EthereumSepolia
  become: true
  roles:
    - role: basic-service
      vars:
        setup_mode: systemd
        name: lighthouse
        user: ubuntu
        binary_url: https://github.com/sigp/lighthouse/releases/download/v6.0.0/lighthouse-v6.0.0-x86_64-unknown-linux-gnu.tar.gz
        binary_file_name_override: lighthouse
        command: >
          lighthouse bn --network sepolia --checkpoint-sync-url https://checkpoint-sync.sepolia.ethpandaops.io/
          --execution-endpoint http://localhost:8551 --execution-jwt /home/ahmad/.local/share/reth/sepolia/jwt.hex
          --http --http-address 0.0.0.0
          --metrics --metrics-address 0.0.0.0 --metrics-port 8086
        cpus: 50
        memory: 5G

- name: Configure XATU server for analytics
  hosts: EthereumSepolia
  become: true
  roles:
    - role: basic-service
      vars:
        setup_mode: container
        name: xatu-server
        image: ethpandaops/xatu:latest
        command: sentry --preset ethpandaops --beacon-node-url=http://localhost:5052 --output-authorization="Basic <redacted>"
        cpus: 0.5
        memory: 5g
        network_mode: host
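
A pre-deployment check over the vars passed to the role, as an added example that is not part of the role or its README: it flags the settings that widen exposure in playbooks like those above (wildcard listeners, administrative RPC namespaces served on them, credentials in `command`, literal key material in `config`, unpinned images, host networking). The rule set, the severities and the `vault_wg_private_key` variable are assumptions of the example.

```python
import re

# Variable names (command, image, config, network_mode) are the role's documented
# ones; the rules, severities and ADMIN_APIS set are assumptions of this example.
ADMIN_APIS = {"admin", "debug", "miner"}

def lint_service(v):
    """Return (severity, finding) tuples for the vars of one role invocation."""
    out, name = [], v.get("name", "?")
    cmd = " ".join(str(v.get("command", "")).split())  # fold YAML '>' line breaks

    # Flags whose value is the wildcard address listen on every interface.
    wildcard = re.findall(r"(--[\w.-]+)[ =]0\.0\.0\.0", cmd)
    out += [("medium", f"{name}: {flag} listens on 0.0.0.0") for flag in wildcard]
    # Administrative JSON-RPC namespaces served by a wildcard HTTP listener.
    api = re.search(r'--http\.api[ =]"?([\w,]+)', cmd)
    if api and "--http.addr" in wildcard:
        exposed = sorted(ADMIN_APIS & set(api.group(1).split(",")))
        if exposed:
            out.append(("high", f"{name}: {','.join(exposed)} RPC on 0.0.0.0"))
    # Credentials in argv are readable from the process list and the playbook.
    if re.search(r'authorization[ =]"?(Basic|Bearer) ', cmd, re.I):
        out.append(("high", f"{name}: credential passed on the command line"))
    # Key material written literally into a config body instead of templated in.
    for fname, cfg in (v.get("config") or {}).items():
        if re.search(r"^\s*PrivateKey\s*=\s*(?!\{\{)\S", cfg.get("data", ""), re.M):
            out.append(("high", f"{name}: {fname} holds a literal PrivateKey"))
    # Without a digest, an untagged or ':latest' image reference can change.
    image = v.get("image") or ""
    last = image.rsplit("/", 1)[-1]
    if image and "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
        out.append(("medium", f"{name}: image {image} is not pinned"))
    if v.get("network_mode") == "host":
        out.append(("low", f"{name}: container shares the host network namespace"))
    return out

# Constructed samples; vault_wg_private_key is a hypothetical Ansible Vault variable.
SAMPLES = [
    {"name": "reth", "command": "/usr/local/bin/reth node --http --http.addr 0.0.0.0 "
     '--http.api "admin,debug,eth,net" --metrics 0.0.0.0:8085'},
    {"name": "xatu-server", "image": "ethpandaops/xatu:latest", "network_mode": "host",
     "command": 'sentry --output-authorization="Basic <redacted>"'},
    {"name": "wireguard", "command": "/usr/local/bin/wg-quick up wg0", "config": {
        "wg0.conf": {"data": "[Interface]\nPrivateKey = {{ vault_wg_private_key }}\n"}}},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["name"], lint_service(s))
```

The templated WireGuard sample produces no findings; a `PrivateKey` line with a literal value in the same position is reported as high.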

License

MIT

Author Information

This Ansible role was created in 2023 by O1.IO.

🏆 always happy to help & donations are always welcome 💸

  • ETH (Ethereum): 0x652eD9d222eeA1Ad843efec01E60C29bF2CF6E4c

  • BTC (Bitcoin): 3E8gMxwEnfAAWbvjoPVqSz6DvPfwQ1q8Jn

  • ATOM (Cosmos): cosmos19vmcf5t68w6ug45mrwjyauh4ey99u9htrgqv09
